This project inject a DLL in a running process (Using PID or process name) to hook and intercept call to CryptGenKey. If possible, a null key is imported instead of an unknown random key. The hook is really simple and might not work for every case.
CryptBackdoor – Windows Crypt API hook to generate weak keys
This backdoor can be useful when doing network analysis encrypted with session key from CryptGenKey on a machine controlled by the analyst.
Usage
To load the CryptBackdoor in the process and generate a null key, use:
After running this command, running CryptTest.exe processes should now generate the same key on each message.
Projects:
+ CryptTest
Small utility that generate a key in loop and encrypt a given plaintext. Used to test the CryptBackdoor loader and DLL.
+ HookLoaderUtility to load a DLL in a process from its name or PID.
+ CryptBackdoor
DLL that hook to CryptGenKey and generate a weak known key instead of a random key.
Download : CryptBackdoor.7z(253 KB)
Source : https://github.com/isra17